Sr. Technical IAM Analyst

Job Title: Sr. Technical IAM Analyst

Job Location: Remote 

About The Job:

The Client Contingent Worker program is seeking a Senior Analyst Identity and Access Management (IAM). Assignment reports directly to the Manager Identity and Access Management (IAM). This role is a key member of the information security team and is responsible for the design and operations of key identity and access management controls at Sandy Spring Bank. The IAM controls are essential to ensure access is granted on a least privilege basis to all internal and cloud-based systems. IAM controls compliance with internal policies and external regulations are a critical part of Sandy Spring providing services to its customers while protecting their personal information. The scope of the IAM program includes internal infrastructure systems and applications and Software as a Service (SaaS) applications. The Senior Analyst IAM will ensure identity and access management controls in SSB are effective in their operation and will lead efforts to define and implement control improvements that reduce risks and increase efficiency.

Areas of Focus:

        Develop and operate a comprehensive identity and access management program to address the following key control needs:

o   Identity Lifecycle Management Automated Provisioning and Reconciliation

o   Auditing Reporting and User Activity Monitoring

o   Access Certification of access to in-scope resources

o   Segregation of Duties

o   Break Glass Password vaulting

o   Privileged Access Management

o   SaaS access reporting for access reviews

o   Single Sign On

        Identify enhanced IAM capabilities and control process requirements and evaluate automation tools that will be necessary to implement them. Work with vendors and infrastructure engineering to install and configure the selected toolset.

        Develop maintain and implement IAM policies IAM standards and standard operating procedures. Work with first line information security teams second line technology risk teams human resources and business application owners to define and implement controls that meet information security program policy risk management and regulatory requirements.

• Manage end user and system accounts user access groups roles and entitlements using applicable tools and applications.

        Manage report and facilitate access certification across all business areas of Bank.

        Define a process for and support the onboarding of new vendors systems and technology products in order to ensure that all IAM policies are met in a consistent manner.

• Liaise with regulators second line risk teams and Internal Audit teams as part of responding to their requests to walk through control processes and to gather and present evidence of control operation.

        Ensure that significant findings related to IAM control effectiveness are remediated timely. Self-identify issues when applicable and identify dates for remediation.

        Collaborate directly with senior members of SSB Business and IT to execute on a roadmap for uplifting the maturity of SSB IAM processes as part of the Information Security program.

        Provide regular reporting with metrics on the status of the IAM processes and liaise with internal audit external regulatory examiners to demonstrate the design operation and effectiveness of all IAM controls.

        Secure access to SaaS systems leveraging cloud native tools and built in SaaS service capabilities.

        Integrate IAM controls with devops processes at SSB.

        Support a 24/7 coverage schedule by rotating with other team members including weekends.

Qualifications :

KNOWLEDGE SKILLS AND ABILITIES:

        Bachelors degree in Information Security Computer Science Management of Information Systems or related field required.

       Minimum 10 years equivalent transferrable job-related experience.  For example experience in IT Info Sec Business Analysis or related fields.  

       Minimum of 5 years experience in Identity and Access Lifecycle Management Operations and Controls Identity Governance Administration using Sailpoint. Application onboarding processes and integration.

        Minimum of 3 years experience in Access reviews Role Owner Reviews Access Group reviews SOX Access Controls Privileged Account Access Reviews.

        Minimum of 3 years experience supporting MS Active Directory Domain Services Azure Active Directory AD FS and Active Directory Connect.

• Minimum of 2 years experience supporting Privileged Identity Management Processes (CyberArk BeyondTrust Thycotic etc.)
• Preferred minimum of 1 years operations experience specifically with CyberArk PAM.
• Experience with Single Sign-On (SSO)  and Multifactor Authentication (MFA).
• Preferred minimum of 1 years experience in scripting (PowerShell JSON and Python etc.).

        Professional security management certification such as a Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) or other similar credentials.

• Demonstrated understanding of information security policies standards and industry leading practices.

        Demonstrated experience with operating processes and procedures that align with controls for Sarbanes Oxley FFIEC ISO 27001/2 FISMA or National Institute of Standards and Technology (NIST) CSF is required.

        Self-driven detail-oriented with excellent written and verbal communication skills interpersonal and collaborative skills

        High level of personal integrity as well as the ability to professionally handle confidential matters and procedures.

        High degree of initiative dependability and ability to work with limited supervision.

Additional Information :

Thanks & Regards 

Praveen Kumar

Sr. Recruiter

Zillion Technologies Inc

E-mail: praveen(at)zilliontechnologies(dot)com 

Phone:  

Remote Work :

Yes

Employment Type :

Full-time